We’re Upping Our Support to Mobile Browsing

The Tor Project has always fought for freedom of speech and open access to the internet. To do so, it’s essential for us to reach people in areas in the world with heavy online surveillance and censorship, especially those in the Global South.

Most people in these regions only use smartphones to access the internet, and we want to better support these users. So we developed a strategy to do better for folks who have low-bandwidth connections, limited data plans, or who can only connect to the internet through low-end devices.

Eleven percent of smartphone usage around the world in 2014 was mobile browsing, so we knew giving better support to a mobile browser would be critical to this strategy.

Around a year ago, folks from the Tor Project and the Guardian Project met to discuss the future of Tor Browser on mobile devices. The discussion began with Orfox, a Google Summer of Code (GSoC) project for mobile browsing over the Tor network. Since then, we have been working towards Orfox having similar functionality and security guarantees as Tor Browser for desktop.

How we’re bringing Orfox on par with Tor Browser

Our first improvement was to port the Security Slider from Tor Browser desktop to Orfox. To adapt this feature from a desktop application into a mobile application, we had to change how the UI works for the mobile screen.

The Security Slider lets you customize your browsing experience according to the security level you want to have when accessing sites. The higher the level, the more things Tor blocks to give you more security. This also changes your experience of the site. For instance, the site might not show “new posts” notifications on Twitter’s timeline because it has blocked JavaScript. It also may not load and play a video because some of the required scripts could be used by a skilled adversary to reveal identifying information about you.

The UX Team and the Guardian Project collaborated on this effort, iterating on mockups and reviewing UI copy until there was a version everyone felt was good enough to be built. Once it was up and running as a beta, the UX Team ran a validation test to see if this interface and copy made sense to users. With the help of Amogh, an Orfox developer, we tested our UI with 12 users in India and 3 others in the U.S. We used this feedback to improve our copy and iterate on the slider UI.

This was the first time Tor did a full development cycle following UX best practices, such as being involved with the conceptualization of the UI and performing user testing to validate our hypothesis. Since we don’t collect data on user behavior, we had to build a testing methodology so our community could help us perform these tests with our users. We are now applying UX best practices to all of our development cycles.

Try Out the New Slider

The newest version of Orfox is available from the Google Play store and the F-Droid store, or you can download the APK installation file from our git repo. If you use Android, download it or update your current app to check it out. To see what we discussed here, open the settings menu and scroll down to the ‘Orfox Settings’ option.

As always, we want your feedback! You can use the comments below.

There’s more to come

Mobile is becoming a core part of our development thinking at Tor. We will continue to work with Orfox, and when the Tor Browser Team comes up with a new feature, we’ll be thinking how we can make it work on mobile as well. We’ll keep publishing updates like this about our efforts to improve mobile experience, especially for those in the Global South.

A big thank you to the folks who worked on this project: Amogh Pradeep, Thomas Rientjes, Linda Lee, Nathan Freitas and Georg Koppen. o/

gk said back then that they were working on Tor Browser builds for Android later this year; can we have any rough idea on when this will be available and whether the Orfox branding will be dropped then? Thank you team o/

I get iPhones are not really low-end market and a lot less popular in southern hemisphere compared to Android, also having a closed source OS... but is Orfox or an official TBB for iOS considered by the team?

Great, as I have been eagerly awaiting simpler security settings! Before, I had to manually tweak site specific NoScript preferences to get some particular pages to work. This helps a lot, and it's working very well for me. It's also nice to read that there are more improvements in the works.

Which is the latest recommended version? I'm seeing five versions including Orfox-1.2.1 (12/2/16) and Orfox-1.4-RC3 (11/4/16). Why is the newest version number not also the newest release date? (I've been going by date and still using 1.2.1)

Also huge thank you for giving attention to Android! I know you guys are busy with more important things but it just seems Orfox has been a little neglected in the past year or so. Glad to hear that's about to change!

Okay I can see 1.4-RC-3 has the highest version number, but 1.2.1 was released 29 days later. I guess it could be that 1.4 is still an experimental branch, and 1.2.1 is a stable branch that received backports almost a month later, but then I still don't know which one is recommended.

- The slider is a good idea, but not really usable the way it is implemented right now. If it was the same way as on desktop TBB, for example that the middle setting only deactivates JavaScript on non-https sites, that would be fine. If even the middle security setting completely disables JavaScript (not even letting it enable via NoScript), there's pretty much not a single site in the internet that will work like that. Should be able to enable JavaScript for a given site even with the slider not on low.

- Android language setting is leaking into HTTP_ACCEPT header (try on panopticlick.eff.org). Test it for yourself: change Android OS language to anything other than EN_US and it will show. On non-English desktop TBB, the user is specifically asked if they want the site to know their language setting.

- The slider is a good idea, but not really usable the way it is implemented right now. If it was the same way as on desktop TBB, for example that the middle setting only deactivates JavaScript on non-https sites, that would be fine. If even the middle security setting completely disables JavaScript (not even letting it enable via NoScript), there's pretty much not a single site in the internet that will work like that. Should be able to enable JavaScript for a given site even with the slider not on low.

We have been talking about this for a bit now and we got some good ideas that might help solve this problem. Of course, whatever we do, we know we will have to figure out how to make it work on mobile as well :)

Is there any plan to obscure the IMEI and IMSI numbers? If not, do they present a big threat to keeping your location disguised? A journalist I know gets around this by using a tablet with no SIM card (no IMEI/IMSI to transmit) and a mobile wifi (mifi) hotspot in emergencies or when there is no wifi (as mobile connectivity is better - and presumably the hotspot has an IMSI and IMEI),

Unfortunately the lovely people at Google have implemented massive identity leakage so that through any given network connection, the device is constantly phoning-home to Google's servers. Even on, in my limited experience, Cyanogenmod without Google Play Services... Which is far from OK. Or private. What TOR can do is anonymise you partially through the 'pipe' from your browser to a given point on the internet so that harvesting data and tracking at THAT end is harder to do. Unfortunately Google still sees a data connection coming from your device through whatever network (VPN included) and logs it. So your journalist friend is only halfway there. She needs a device that simply doesn't phone home at all. Or at least without permission. I.e. something like a MAC-spoofed Linux laptop, hardened for security (TAILS leaves traces on a USB stick, even after wiping and formatting it - little-known fact, honeypot shortlist fans - may as well use a fast, tiny disposable one that can be broken under the heel with one blow and flushed/burnt in an instant and do these exist on the market? )... and running through TOR and a VPN etc. I'm no expert. Privacy just gets to be a mission in and of itself!

Hey, so I'm trying to use Orfox but every... let's say month or so it goes from working fine to just not loading any pages whatsoever. I get this "browser has timed out" related message and nothing ever loads more than 1/4th of the way according to the orange load status bar at the top under the address bar.
I also cannot select the "Orfox settings" tab in the dropdown menu. It immediately goes to "the address wasn't understood".

What can I do to fix this besides continually uninstalling and reinstalling, which doesn't always work?

My phone is LG V20 H918 adb rollback 1 and Android ver 7.0.
Lmk if I need to include any more info or what I can do to help fix this.

Hi! There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.3.2-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release some time in February.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.3.3.2-alpha is the second alpha in the 0.3.3.x series. It introduces a mechanism to handle the high loads that many relay operators have been reporting recently. It also fixes several bugs in older releases. If this new code proves reliable, we plan to backport it to older supported release series.

Changes in version 0.3.3.2-alpha - 2018-02-10

Major features (denial-of-service mitigation):

Give relays some defenses against the recent network overload. We start with three defenses (default parameters in parentheses). First: if a single client address makes too many concurrent connections (>100), hang up on further connections. Second: if a single client address makes circuits too quickly (more than 3 per second, with an allowed burst of 90) while also having too many connections open (3), refuse new create cells for the next while (1-2 hours). Third: if a client asks to establish a rendezvous point to you directly, ignore the request. These defenses can be manually controlled by new torrc options, but relays will also take guidance from consensus parameters, so there's no need to configure anything manually. Implements ticket 24902.
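The first two defenses amount to a per-address connection counter and a token bucket for circuit creation. The C sketch below is an added illustration using the defaults quoted above; it is not Tor's code. The struct and function names, the reading of "(3)" as "at least 3 open connections", and the caller-supplied jitter that spreads the block over 1-2 hours are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Defaults quoted in the release notes. */
#define MAX_CONCURRENT_CONNS 100   /* first defense */
#define CIRC_RATE_PER_SEC    3     /* second defense: refill rate */
#define CIRC_BURST           90    /* second defense: bucket size */
#define MIN_CONNS            3     /* assumed to mean "at least 3 open" */
#define DEFENSE_BASE_SECS    3600  /* block lasts 1-2 hours */

/* Per-client-address counters (hypothetical struct, not Tor's own). */
typedef struct {
    uint32_t conns;         /* connections currently open */
    uint32_t bucket;        /* circuit-creation tokens left */
    uint64_t last_refill;   /* time of last refill, in seconds */
    uint64_t blocked_until; /* CREATE cells are refused before this time */
} client_t;

void client_init(client_t *c, uint64_t now) {
    *c = (client_t){ .bucket = CIRC_BURST, .last_refill = now };
}

/* First defense: false means hang up on this new connection. */
bool on_new_connection(client_t *c) {
    if (c->conns >= MAX_CONCURRENT_CONNS) return false;
    c->conns++;
    return true;
}

/* Second defense: false means refuse this CREATE cell.
 * jitter is caller-supplied randomness, reduced here to 0..3599 seconds. */
bool on_create_cell(client_t *c, uint64_t now, uint32_t jitter) {
    uint64_t elapsed = now - c->last_refill;
    if (elapsed > CIRC_BURST) elapsed = CIRC_BURST; /* bucket is full anyway */
    uint64_t tokens = c->bucket + elapsed * CIRC_RATE_PER_SEC;
    c->bucket = tokens > CIRC_BURST ? CIRC_BURST : (uint32_t)tokens;
    c->last_refill = now;
    if (now < c->blocked_until) return false;       /* still being punished */
    if (c->bucket == 0) {
        if (c->conns < MIN_CONNS) return true;      /* fast, but few conns */
        c->blocked_until = now + DEFENSE_BASE_SECS + jitter % 3600;
        return false;
    }
    c->bucket--;
    return true;
}
```

The bucket keeps refilling while an address is blocked, so a client that backs off gets its full burst again once the block expires.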

Major bugfixes (netflow padding):

Stop adding unneeded channel padding right after we finish flushing to a connection that has been trying to flush for many seconds. Instead, treat all partial or complete flushes as activity on the channel, which will defer the time until we need to add padding. This fix should resolve confusing and scary log messages like "Channel padding timeout scheduled 221453ms in the past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.